Wrong example in faq for ppp
Pablo Carboni
gervi at ciudad.com.ar
Wed Aug 18 16:40:49 UTC 2004
Dear sir,
While trying to set up ppp filters for my dialup-on-demand link, I've found on
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ppp.html (Chapter 14),
14.17 item, the following:
set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 permit 0/0 0/0
The example written above doesn't work, at least with FreeBSD v4.2 or greater. (At
least, I've tested on 4.2, 4.7, 4.8, 4.9, and 4.10, and looked over the usr/sbin/ppp
sources, where it doesn't appear.) In fact, an older version of the README.changes file,
for which the cvs log says "Mon Jun 8 20:23:43 1998 UTC",
states:
"o Filters are now called `allow', `dial', `in' and `out'. `set
ifilter ...' becomes `set filter in ...' etc.".
I think the example above should be written as:
 set filter dial 0 deny udp src eq 53
 set filter dial 1 deny udp dst eq 53
 set filter dial 2 permit 0/0 0/0
(Note the space before the 'set' command, and the '0' dial rule.)
It should be noted that ppp filters only work if a 'zero' rule exists for each purpose
(dial, alive, in, out).
In other words, the 'dial' rule with zero as its starting number is what triggers the rest
of the 'dial' filter rules (and does the dial-up link).
Btw, the word 'dfilter' also appears on
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html,
21.2.1.5 'Final System configuration':
"If you do not like this, it is possible to set up a ``dfilter'' to block SMTP
traffic. Refer to the sample files for further details"
Pablo Carboni.
[gervi at ciudad.com.ar]
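
Added example, not part of the original message or of the FreeBSD documentation: a small checker that finds obsolete filter keywords in ppp.conf text, rewrites them in the `set filter ...` form and renumbers each rule set from 0, as the message describes. The afilter/ofilter mappings, the function name and the `demand` label are assumptions made for illustration.

```python
import re
from collections import defaultdict

# dfilter->dial and ifilter->in come from the message; afilter->alive and
# ofilter->out are assumed here by analogy.
LEGACY = {"afilter": "alive", "dfilter": "dial", "ifilter": "in", "ofilter": "out"}
RULE = re.compile(
    r"^(\s*)set\s+(?:([adio]filter)|filter\s+(alive|dial|in|out))\s+(\d+)\s+(.*)$")
LABEL = re.compile(r"^([^\s#]\S*):\s*$")   # unindented "name:" opens a section

def migrate(conf_text):
    """Rewrite legacy filter lines and renumber each rule set from 0 (gaps collapse).

    Returns (new_text, notes); rule sets are tracked separately per label."""
    lines = conf_text.splitlines()
    groups = defaultdict(list)   # (label, set name) -> [(line idx, indent, number, rest)]
    notes, label = [], None
    for idx, line in enumerate(lines):
        lab = LABEL.match(line)
        if lab:
            label = lab.group(1)
            continue
        m = RULE.match(line)
        if not m:
            continue
        indent, old_kw, new_name, number, rest = m.groups()
        if old_kw:
            notes.append(f"line {idx + 1}: obsolete 'set {old_kw}'")
        name = LEGACY.get(old_kw, new_name)
        # Command lines need leading whitespace; add one space if it is missing.
        groups[(label, name)].append((idx, indent or " ", int(number), rest))
    for (label, name), rules in groups.items():
        order = sorted({number for _, _, number, _ in rules})
        if order[0] != 0:
            notes.append(f"{label}: '{name}' rules started at {order[0]}, renumbered from 0")
        for idx, indent, number, rest in rules:
            lines[idx] = f"{indent}set filter {name} {order.index(number)} {rest}"
    return "\n".join(lines) + "\n", notes

# Constructed sample: the FAQ lines quoted in the message, under a made-up label.
SAMPLE = """demand:
 set dfilter 1 deny udp src eq 53
 set dfilter 2 deny udp dst eq 53
 set dfilter 3 permit 0/0 0/0
 set filter in 0 permit 0/0 0/0
"""

if __name__ == "__main__":
    text, notes = migrate(SAMPLE)
    print(text, end="")
    print("\n".join(notes))
```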